Trojan.Gator

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 53
Threat Level: 20 % (Normal)
Infected Computers: 1,115,562
First Seen: July 24, 2009
Last Seen: January 26, 2026
OS(es) Affected: Windows

Trojan.Gator is threatening software that may display fake warnings about the user's system. It enters an operating system with the intent to modify the Registry and its permission policies. Trojan.Gator may be distributed through fake Windows updates, third-party programs that claim to be required to watch videos or view a specific website, banners and advertisements that users click, or downloaded attachments. Social media may also be a source of Trojan.Gator if users receive suspicious files and execute them.

Trojan.Gator may also show warnings about corrupted Windows system files that need fixing. Removing these files may cause system instability or crashes, so users should be aware that these alerts, scan results, and pop-ups are a scare tactic meant to lure them into clicking and installing more threats on their machines. Trojan.Gator may also disable other software on a PC, such as anti-virus suites and/or the Windows Firewall.

Registry Details

Trojan.Gator may create the following registry entry or registry entries:

Cookies

The following cookies may be associated with Trojan.Gator:

Gator
dist.belnk
webpdp.gator

Analysis Report

General information

Family Name: Adware.Gator
Signature status: No Signature

Known Samples

MD5: 0ea78f231cf0a6bd947065745946381d
SHA1: 8d9c7f4d12b56c1ef7b2799e8b50a89857dce3c6
SHA256: 6F25A30891B08AF923044E63A437952C77A7E90B2D37CC7BC00B3521A77371ED
File Size: 283.17 KB, 283170 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

File Version: 4.2.0.1
Original Filename: Trickler.exe
Product Version: 4.2.0.1

File Traits

  • x86

Block Information

Total Blocks: 993
Potentially Malicious Blocks: 539
Whitelisted Blocks: 453
Unknown Blocks: 1

Similar Families

  • Gator.A

Registry Modifications


Windows API Usage

Category API
Network Winsock2
  • WSAStartup
Network Wininet
  • InternetConnect
  • InternetOpen
  • InternetQueryOption
Network Winhttp
  • WinHttpOpen
